We would like to gather some feedback from those who have expressed interest in this idea.

1. This would be a configurable option, that can be enabled by any FME Server administrator in the web interface after an installation is complete. Would this be a problem for any of your deployment workflows?

2. What types of configurable options are required for setting the "time length" before a password is marked expired? Would setting an integer value for either days, weeks, months, or years be acceptable?

3. Given that a user's password has expired, should that user be able to access any functionality (including REST API endpoints)? If "yes", please be specific.

4. Given that a user's password has expired, that user must change their password by accessing the web interface and logging in with old credentials – where they would be prompted with a web form to enter a new password. Is this acceptable, or would you suggest changes to this workflow?

5. Given that a user's password has expired, should that user have any of their API Tokens disabled? Note that this would affect FME Server Apps as well.

This feature would only apply to local user accounts on FME Server, and would not affect any Active Directory accounts that have been imported.

Any feedback is greatly appreciated! Please do not feel obligated to answer or comment on every item above, and let us know if you have any other criteria to add.

For the first iteration / feature release, please see below for the implementation choices that were made...

1. This is a configurable option, that can be enabled by any FME Server administrator in the web interface after an installation is complete.

2. Users can set the number of days before a password is marked expired; this is across all FME Server User Accounts – though does not affect Active Directory.

3. Given that a user's password has expired, that user will not be able to access any FME Server functionality (including REST API endpoints) until they reset their password in the Web Interface.

4. Given that a user's password has expired, that user must change their password by accessing the Web Interface and logging in with old credentials – where they would be prompted with a web form to enter a new password

5. Given that a user's password has expired, their API Tokens are not disabled.

Your Opinion Counts

Share your great idea, or help out by voting for other people's ideas.